You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In production, we store secrets in a vault for secrets and we do not expose them as environment variables. The service requests a secret from the vault (database credentials) and receives them if authorized, those secrets are stored in memory only and could be unique for this service (the hashicorp Vault can generate database credentials on the fly). We thus need to tell the connection string at runtime when creating the client, which happens just after retrieving the secrets.
Solution
It seems like there is an undocumented way to pass a datasource to the client. It might be a way to override the datasource specified in the schema?
Additional context
Eventually we will also need the same way of securely passing the secret to the migration, most likely by having a programmatic access to the migrate up (if we don't already).
The text was updated successfully, but these errors were encountered:
I used the undocumented way to pass a datasource to the client in a previous version of prisma-multi-tenant. But now, I find it simplier to add an env in the schema:
url = env("DATABASE_URL")
And then dynamically change the ENV before instantiating:
Problem
In production, we store secrets in a vault for secrets and we do not expose them as environment variables. The service requests a secret from the vault (database credentials) and receives them if authorized, those secrets are stored in memory only and could be unique for this service (the hashicorp Vault can generate database credentials on the fly). We thus need to tell the connection string at runtime when creating the client, which happens just after retrieving the secrets.
Solution
It seems like there is an undocumented way to pass a datasource to the client. It might be a way to override the datasource specified in the schema?
Additional context
Eventually we will also need the same way of securely passing the secret to the migration, most likely by having a programmatic access to the
migrate up
(if we don't already).The text was updated successfully, but these errors were encountered: